More Formbook via complicated download chain

A bit of a complicated and difficult-to-follow malware campaign this afternoon. It all starts with a typical malspam email pretending to be a new order with a Word doc attachment. This involves various Microsoft Equation Editor exploits in the chain. …

Malspam emails overnight Monday 4 February to Tuesday 5 February 2019

Continuing with the masses of different malspam emails arriving overnight to start off this Tuesday morning 5th February 2019 with its usual early start while I am eating breakfast. They are all typical subjects & email content and all deliver vari…

Formbook via fake invoice using Microsoft Office Equation Editor exploits

Another malware campaign using malformed RTF files involving Microsoft Office Equation Editor exploits to extract or drop a zip file from an embedded OLE object containing the payload and an “innocent” lure doc to be displayed. Today it l…

More Formbook via fake order using broken .rar attachments

The next Formbook campaign today is a bit of a cock-up from the malware bad actors. The email invites you to quote for 720 of an unspecified object, the details being in the attached file. This is where they have made the mistake and made it less like…

Formbook from fake order via complicated chain using multiple equation editor exploits

Another Formbook campaign this morning using a somewhat complicated and devious chain to get on the victim’s computer. It all starts with a very basic & simple email that pretends to be an order but contains what appear to be a set of previou…

Fake outstanding payment delivers Formbook and an unknown malware at same time.

A slightly unusual malware campaign this morning. The email is nothing special and spoofs a Maltese shipping company (it is highly probable that multiple other companies will also be spoofed with this campaign). It pretends to be an outstanding Paymen…

Formbook malware delivered via RTF exploit downloading MSI file

It looks like the summer holidays are over and the malware scumbags are trying out new and different delivery methods to catch us all unawares. This latest one is an email pretending to be a bank transfer notification with the subject of “Re: Pay…

Fake URGENT PAYMENT FOR OVERDUE INVOICES delivers formbook

An email with the subject of “FW: URGENT PAYMENT FOR OVERDUE INVOICES” pretending to come from FINANCE <salgar@dgkw.com> with both a malicious Word doc and an Excel XLS spreadsheet attachment delivers Formbook. These attachments…